Skip to main content

The Privacy Policy for EEA

December 2022

(Introduction)

Besides Personal Information Protection Policy, the following provisions shall also be applied to the handling of personal information of persons residing in the European Economic Area (hereinafter referred to as the "EEA") based on the REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive "95/46/EC". In the event that any provisions contradict those of Personal Information Protection Policy, the following provisions shall prevail.

(Processing Personal data)

(1) Definitions

"Personal data" means any data relating to an identified or identifiable natural person, When "you" or "your" are used in this statement, we are referring to the relevant individual who is the subject of the personal data.
"Processing" means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
"Controller" means a legal person, etc. which, alone or jointly with others, determines the purposes and means of the processing of personal data.
"Processor" means a legal person, etc. which processes personal data on behalf of the Controller.

(2) Types of Personal Data to be Collected

JERA will collect, including but not limited to, the following types of personal data concerning

  • (a) Name
  • (b) Organization/Company name
  • (c) Department name
  • (d) Position
  • (e) Address
  • (f) Telephone numbers
  • (g) Fax numbers
  • (h) E-mail address
  • (i) URL

(3) Purposes of Use of Personal Data

JERA will process your personal data for the following purposes:

  • (a) To communicate with you about inquiries and requests.
  • (b) For other matters incidental or related to JERA business operations

JERA will process your personal data based on your consent within the scope of the above purposes of use; provided, however, that you may withdraw such consent at any time, which such withdrawal shall not affect any legitimate processing performed pursuant to the consent prior to the withdrawal. If JERA is to process your personal data for purposes other than the above, JERA will notify you in advance such new purposes of use and other matters as required by applicable laws.

JERA may require you to provide your personal data in connection with the provision of its services. In such a case that you do not provide your personal data, JERA may be unable to provide such services.

(4) Data source

The data we process is obtained primarily from you. However, we may receive or indirectly collect your personal data from other sources such as our business partners, data brokers, or public sources such as social networks, public websites and social media.

(5) Retention Period

JERA will retain your personal data to the extent JERA requires such data for achieving the purposes of use specified above.

(6) Third Party Transfer

JERA may provide your personal data to third parties such as the subsidiaries and affiliates, trustee including cloud vendor, etc., to implement the purposes of use specified above. Such third parties which JERA may provide your personal data include those located in countries outside the EEA (including, without limitation, Japan; the same shall apply hereinafter), and you are deemed to have consented to the following matters by consenting to this Privacy Policy for EEA:

  • (a) Certain countries outside the EEA may not be furnished with the same level of data protection laws as the EEA. Thus, part of the rights granted to you within the EEA may not be available;
  • (b) Your personal data may be provided and processed for the purposes specified above; and
  • (c) Your personal data may be provided to third parties located in a country outside the EEA.

(7) Disclosure, Correction, and Other Procedures concerning Personal Data

You are entitled to the rights to access, request for correction, request for deletion, request to limit the processing, object to the processing, and request for data portability, with regards to the personal data retained by JERA pursuant to the provisions of relevant laws and regulations. Such requests shall be attended to the contact point set forth in "5. Contact" as per below.
JERA may refuse your request if it deems that there is no basis for such request or if it deems that the request is excessive.
You may file objections to the data protection authorities having jurisdiction over the location of your domicile with regards to the processing of your personal data by JERA

(8) Possible consequences if personal data is not provided

Providing personal information to us is voluntary on your part. If you do not provide us with all or part of the personal data necessary for the purposes stated in the above "(2) Types of Personal Data to be Collected" or if the personal data provided by you is incorrect, we may not be able to provide you with the applicable services.

(9) Automated decision-making including profiling

Your personal data is not connected with automated decision-making (the process of making a decision by automated means without any human involvement) or profiling (automated processing of personal data to evaluate aspects about a natural person.).

(Security Control Measures)

In order to protect the personal data from unauthorized access and loss etc., taking into account the type of personal data, the degree of sensitivity and the severity of effects to you including economic influence and mental harm in case the personal data is unlawfully infringed, JERA has comprehensively evaluated and judged the risks of personal data infringement, and has implemented necessary and appropriate personal, organizational and technical security control measures in accordance with such the risk of personal data infringement. Further, JERA will review such security control measures as necessary, set up the process for taking corrective actions, and constantly make effort to improve its security.

If JERA, in its role as a Controller, contracts a Processor, JERA shall select a Processor which is capable of implementing appropriate technical and organizational measures and shall manage such Processor in an appropriate manner.
Pursuant to the GDPR, JERA shall prepare records of the processing of personal data.

(Amendment to this Privacy Policy for EEA)

JERA may amend this Privacy Policy for EEA at any time.

(Contact)

JERA’s contact point regarding this Privacy Policy for EEA is as shown below. Any questions or concerns regarding this Privacy Policy for EEA or the processing of personal data by JERA, or any requests concerning access, correction, deletion, limitation of processing or data portability of the personal data shall be attended to this contact point:

JERA Co., Inc.
Post: Nihonbashi Takashimaya Mitsui Building 25th Floor 2-5-1 Nihonbashi, Chuo-ku, Tokyo 103-6125, Japan
E-mail: security.master@jera.co.jp